Researchers have observed a rise in malicious activity on the VSCode Marketplace, exposing its vulnerability to supply chain attacks similar to those previously seen in the npm community.
Malicious actors are increasingly exploiting npm packages, such as etherscancontracthandler, to distribute harmful code, reflecting tactics used in VSCode extensions and highlighting the need for greater vigilance in both ecosystems.
Malicious supply chain attacks
VSCode extensions, built with Node.js and npm packages, can be vulnerable because they may include compromised dependencies. Although extensions are often considered safe, their reliance on external packages creates a risk. Malicious npm packages installed in VSCode can harm local development environments, emphasizing the importance of thorough security checks for packages.
In October 2024, 18 malicious VSCode extensions with downloader functionality were discovered.
A cryptocurrency-themed phishing campaign targeted Zoom users with malicious browser extensions disguised as legitimate tools, using fake download counts and reviews to appear credible.
These extensions, posing as Solidity Language support for VSCode, used JavaScript obfuscation to hide scripts downloading second-stage payloads from domains like Microsoft and CaptchaCDN. Similarly, a malicious npm package, etherscancontracthandler, targeted the crypto community, downloading secondary payloads with a consistent identifier.
Malicious code was discovered in VSCode extensions and npm packages with similar structures. The malicious npm package, downloaded about 350 times, was reported and quickly removed.
IDEs and their extensions pose security risks due to potential misuse, making regular security assessments vital to protect development environments and supply chains.
Reversing Labs emphasizes the vulnerability of npm and VSCode ecosystems, where compromised packages can enable backdoors and data theft. Organizations and developers must evaluate third-party dependencies and adopt strong security measures to reduce these risks.
Leave A Comment